github-com-docker-mailserver/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00
Code Issues Projects Releases Wiki Activity

scripts: add wrapper to update Postfix configuration safely (#3484)

Browse source 
The new function can

1. update/append
2. update/prepend
3. initialize if non-existent

options in `/etc/postfix/main.cf` in a safe and secure manner. When the
container is improperly restarted, the option is not applied twice.

---

Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
This commit is contained in:
Georg Lauterbach 2023-08-22 10:03:41 +02:00 committed by GitHub
parent 758fd9c913
commit cf9eb8278a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 55 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
target/scripts/helpers/aliases.sh
View file

@ -30,12 +30,7 @@ function _handle_postfix_regexp_config() {
_log 'trace' "Adding regexp alias file postfix-regexp.cf" _log 'trace' "Adding regexp alias file postfix-regexp.cf"
cp -f /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp cp -f /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp
_add_to_or_update_postfix_main 'virtual_alias_maps' 'pcre:/etc/postfix/regexp'
if ! grep 'virtual_alias_maps.*pcre:/etc/postfix/regexp' /etc/postfix/main.cf; then
sed -i -E \
's|virtual_alias_maps(.*)|virtual_alias_maps\1 pcre:/etc/postfix/regexp|g' \
/etc/postfix/main.cf
fi
fi fi
} }

37
target/scripts/helpers/postfix.sh
View file

@ -91,3 +91,40 @@ function _vhost_ldap_support() {
# #
# /etc/aliases is handled by `alias.sh` and uses `postalias` to update the Postfix alias database. No need for `postmap`. # /etc/aliases is handled by `alias.sh` and uses `postalias` to update the Postfix alias database. No need for `postmap`.
# http://www.postfix.org/postalias.1.html # http://www.postfix.org/postalias.1.html
# Add an key with an value to Postfix's main configuration file
# or update an existing key. An already existing key can be updated
# by either appending to the existing value (default) or by prepending.
#
# @param ${1} = key name in Postfix's main configuration file
# @param ${2} = new value (appended or prepended)
# @param ${3} = "append" (default) or "prepend" [OPTIONAL]
function _add_to_or_update_postfix_main() {
local KEY=${1:?Key name is required}
local NEW_VALUE=${2:?New value is required}
local ACTION=${3:-append}
# If entry does not exist, add it - otherwise update with ACTION:
if ! grep -q -E "^${KEY}" /etc/postfix/main.cf; then
postconf "${KEY} = ${NEW_VALUE}"
else
KEY=$(_escape_for_sed "${KEY}")
NEW_VALUE=$(_escape_for_sed "${NEW_VALUE}")
local SED_STRING
case "${ACTION}" in
('append')
SED_STRING="/${NEW_VALUE}/! s|^(${KEY} *=.*)|\1 ${NEW_VALUE}|g"
;;
('prepend')
SED_STRING="/${NEW_VALUE}/! s|^(${KEY}) *= *(.*)|\1 = ${NEW_VALUE} \2|g"
;;
(*)
_log 'error' "Action '${3}' in _add_to_or_update_postfix_main is unknown"
return 1
;;
esac
sed -i -E "${SED_STRING}" /etc/postfix/main.cf
fi
}

2
target/scripts/helpers/relay.sh
View file

@ -173,7 +173,7 @@ function _setup_relayhost() {
_log 'debug' 'Setting up Postfix Relay Hosts' _log 'debug' 'Setting up Postfix Relay Hosts'
if [[ -n ${DEFAULT_RELAY_HOST} ]]; then if [[ -n ${DEFAULT_RELAY_HOST} ]]; then
_log 'trace' "Setting default relay host ${DEFAULT_RELAY_HOST} to /etc/postfix/main.cf" _log 'trace' "Setting default relay host ${DEFAULT_RELAY_HOST}"
postconf "relayhost = ${DEFAULT_RELAY_HOST}" postconf "relayhost = ${DEFAULT_RELAY_HOST}"
fi fi

9
target/scripts/helpers/utils.sh
View file

@ -4,6 +4,15 @@ function _escape() {
echo "${1//./\\.}" echo "${1//./\\.}"
} }
# Replaces a string so that it can be used inside
# `sed` safely.
#
# @param ${1} = string to escape
# @output = prints the escaped string
function _escape_for_sed() {
sed -E 's/[]\/$*.^[]/\\&/g' <<< "${1:?String to escape for sed is required}"
}
# Returns input after filtering out lines that are: # Returns input after filtering out lines that are:
# empty, white-space, comments (`#` as the first non-whitespace character) # empty, white-space, comments (`#` as the first non-whitespace character)
function _get_valid_lines_from_file() { function _get_valid_lines_from_file() {

9
target/scripts/startup/setup.d/dmarc_dkim_spf.sh
View file

@ -16,10 +16,9 @@ function _setup_opendkim() {
_log 'trace' "Adding OpenDKIM to Postfix's milters" _log 'trace' "Adding OpenDKIM to Postfix's milters"
postconf 'dkim_milter = inet:localhost:8891' postconf 'dkim_milter = inet:localhost:8891'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
sed -i -E \ _add_to_or_update_postfix_main 'smtpd_milters' '$dkim_milter'
-e '/\$dkim_milter/! s|^(smtpd_milters =.*)|\1 \$dkim_milter|g' \ # shellcheck disable=SC2016
-e '/\$dkim_milter/! s|^(non_smtpd_milters =.*)|\1 \$dkim_milter|g' \ _add_to_or_update_postfix_main 'non_smtpd_milters' '$dkim_milter'
/etc/postfix/main.cf
# check if any keys are available # check if any keys are available
if [[ -e /tmp/docker-mailserver/opendkim/KeyTable ]]; then if [[ -e /tmp/docker-mailserver/opendkim/KeyTable ]]; then
@ -64,7 +63,7 @@ function _setup_opendmarc() {
postconf 'dmarc_milter = inet:localhost:8893' postconf 'dmarc_milter = inet:localhost:8893'
# Make sure to append the OpenDMARC milter _after_ the OpenDKIM milter! # Make sure to append the OpenDMARC milter _after_ the OpenDKIM milter!
# shellcheck disable=SC2016 # shellcheck disable=SC2016
sed -i -E '/\$dmarc_milter/! s|^(smtpd_milters =.*)|\1 \$dmarc_milter|g' /etc/postfix/main.cf _add_to_or_update_postfix_main 'smtpd_milters' '$dmarc_milter'
sed -i \ sed -i \
-e "s|^AuthservID.*$|AuthservID ${HOSTNAME}|g" \ -e "s|^AuthservID.*$|AuthservID ${HOSTNAME}|g" \

7
target/scripts/startup/setup.d/security/rspamd.sh
View file

@ -138,7 +138,7 @@ function __rspamd__setup_postfix() {
postconf 'rspamd_milter = inet:localhost:11332' postconf 'rspamd_milter = inet:localhost:11332'
# shellcheck disable=SC2016 # shellcheck disable=SC2016
sed -i -E 's|^(smtpd_milters =.*)|\1 \$rspamd_milter|g' /etc/postfix/main.cf _add_to_or_update_postfix_main 'smtpd_milters' '$rspamd_milter'
} }
# If ClamAV is enabled, we will integrate it into Rspamd. # If ClamAV is enabled, we will integrate it into Rspamd.
@ -180,6 +180,7 @@ function __rspamd__setup_default_modules() {
metric_exporter metric_exporter
) )
local MODULE
for MODULE in "${DISABLE_MODULES[@]}"; do for MODULE in "${DISABLE_MODULES[@]}"; do
__rspamd__helper__enable_disable_module "${MODULE}" 'false' __rspamd__helper__enable_disable_module "${MODULE}" 'false'
done done
@ -289,7 +290,7 @@ function __rspamd__handle_user_modules_adjustments() {
# #
# @param ${1} = file name in ${RSPAMD_OVERRIDE_D}/ # @param ${1} = file name in ${RSPAMD_OVERRIDE_D}/
# @param ${2} = module name as it should appear in the log # @param ${2} = module name as it should appear in the log
# @patam ${3} = option name in the module # @param ${3} = option name in the module
# @param ${4} = value of the option # @param ${4} = value of the option
# #
# ## Note # ## Note
@ -333,7 +334,6 @@ function __rspamd__handle_user_modules_adjustments() {
while read -r COMMAND ARGUMENT1 ARGUMENT2 ARGUMENT3; do while read -r COMMAND ARGUMENT1 ARGUMENT2 ARGUMENT3; do
case "${COMMAND}" in case "${COMMAND}" in
('disable-module') ('disable-module')
__rspamd__helper__enable_disable_module "${ARGUMENT1}" 'false' 'override' __rspamd__helper__enable_disable_module "${ARGUMENT1}" 'false' 'override'
;; ;;
@ -367,7 +367,6 @@ function __rspamd__handle_user_modules_adjustments() {
__rspamd__log 'warn' "Command '${COMMAND}' is invalid" __rspamd__log 'warn' "Command '${COMMAND}' is invalid"
continue continue
;; ;;
esac esac
done < <(_get_valid_lines_from_file "${RSPAMD_CUSTOM_COMMANDS_FILE}") done < <(_get_valid_lines_from_file "${RSPAMD_CUSTOM_COMMANDS_FILE}")
fi fi